package com.musemun.config;

import com.musemun.exception.MyDefineException;
import com.musemun.pojo.EmployeeRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import javax.annotation.Resource;
import javax.validation.constraints.NotNull;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

/**
 * <p>
 *      实现springSecurity的url权限决策器
 * </p>
 * @author winner
 * @date 2020/5/9
 */
@Component
public class MyAccessDecisionManager implements AccessDecisionManager {

    private final static Logger logger = LoggerFactory.getLogger(MyAccessDecisionManager.class);
    @Override
    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException
    {
        {
            logger.info("authentication="+authentication+",object="+object+",configAttributes="+configAttributes);

            if(configAttributes==null||configAttributes.size()<=0)
            {
                return ;
            }
            else {
                for (ConfigAttribute configAttribute : configAttributes) {
                    for (GrantedAuthority ga : authentication.getAuthorities()) {
                        if (configAttribute.getAttribute().trim().equals(ga.getAuthority().trim())) {
                            return;
                        }
                    }
                }
            }
            throw new AccessDeniedException("当前没有访问权限");
        }
    }


//    logger.info("authentication="+authentication+",object="+object+",configAttributes="+configAttributes);
//
//        if(configAttributes==null||configAttributes.size()<=0){
//        return ;
//    }else {
//
//        Employee employee = employeeRepository.findByUsername(authentication.getName());
//        if(employee==null){
//            for(ConfigAttribute configAttribute : configAttributes){
//                for(GrantedAuthority ga:authentication.getAuthorities()){
//                    if(configAttribute.getAttribute().trim().equals(ga.getAuthority().trim()))
//                        return;
//                }
//            }
//        }
//
//        else{
//            for(ConfigAttribute configAttribute : configAttributes)
//            {
//
//                if(configAttribute.getAttribute().trim().equals(employee.getRoles()));
//                {
//                    logger.info("需要的权限="+configAttribute.getAttribute()+"访问的权限="+employee.getRoles());
//                    return;
//                }
//            }
//        }



    @Override
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }

    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
}
